German tech-news site Heise changed their "Like" buttons to be locally-hosted images that only transform into real Facebook "Like" buttons once you click them -- meaning that if you don't click anything, Facebook can't track you, and that actually "liking" the page requires two clicks. (Also presumably meaning that the page loads way faster.)

"The manner in which have incorporated the Heise.de Like Button violates our Platform Policies" Tina Kulow said of Facebook to heise online. Policies in these states:

8th You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.

Loosely translated, one must use one that is only for Facebook icon Facebook features. This is precisely the 2-click solution to the case. The only difference from conventional solutions is that these buttons before transferring any data to an explicit activation Facebook. How exactly violate this privacy-friendly 2-click solution to this paragraph shall is not yet clear. Facebook has also mentioned in our article on the occasion of the Web site of the radio station SWR3 asked to remove their similarly implemented, privacy-friendly 2-click solution.

If it hadn't occurred to you yet that Facebook cares far more about the "Like" buttons that you don't click than about the ones that you do -- there you go.

I had been considering doing this two-click thing solely to speed up my page loads. I find myself somewhat more motivated to do so now. (Though it still sounds like kind of a pain in the butt.)

To make it even better, it's arguably a violation of European data privacy law for a European website to include a non-privacy-protecting "Like" button on their website, since Facebook doesn't comply with data privacy requirements. (Basically: if a company keeps a database about a person, they must disclose the information to the person on request, delete the information if requested, correct the information if it is wrong, and maintain it securely against breaches, with real consequences if breached.) It's illegal for a company to export personally identifying information to avoid the requirements of the data privacy laws.

“The manner in which Heise.de incorporated the Like button violates our Platform Policies”, Tina Kulow of Facebook explained to heise online. They state:

You must not use or make derivative use of Facebook icons, or use terms for Facebook features and functionality, if such use could confuse users into thinking that the reference is to Facebook features or functionality.

Loosely translated, this means you may only use Facebook icons for Facebook functionality. However, this is in fact the case for the 2-click solution. The only difference from conventional solutions is that these buttons will not transmit any data to Facebook prior to explicit activation. It remains unclear exactly how this data privacy-conscious solution is supposed to violate the named clause. Furthermore, following the mention in our article, Facebook have also sent the website of SWR3 radio a request to remove their similarly implemented, privacy-friendly 2-click solution.

And the first update:

Meanwhile Andreas van de Castel of Facebook substantiated the complaint: “Section I.8 forbids the imitation of Facebook functionality. You have done just that by using the Like button.”, he explained his interpretation of the situation. De Castel is responsible for Social Plugins at Facebook. However, these 2-click buttons use Facebook functionality without any modification, and differ only in how they are incorporated.
Should heise online not heed the request to stop this purported abuse, then the application would be blocked (which would be done based on its app ID) and “repeated, non-policy-conforming incorporation would result in a blacklisting of the domain on Facebook”. This would mean that heise.de contents could no longer be shared on Facebook, de Castel explained the further consequences.

(Beautiful… a threat.)

Update #2:

Tina Kulow of Facebook Germany has spoken again. In a tweet, she wrote: “To clarify: a 2-click button is not ideal – but not a problem. Only a Like button that merely visually pretends to be one is not OK. That’s all.” Since heise online changed the design of the button for the first click that activates the Like function, there should now be no obstacles on Facebook’s part to further use of the 2-click button by heise online and other websites.

[...] So how can Facebook then acquire more accurate data than these traditional companies? It’s pretty simple. You know that Like-button that is showing up all over the web these days? Turns out that Facebook is hosting all those images (and you cannot host this yourself as that is a Term of Service breach). [...]

Don't be a fucking idiot. Do you think they're there because I like Facebook or I think they're pretty? They're there because I'm running a fucking business and this is how you promote in the Twenty First Century.

I honestly don't understand how this works, because I have no Facebook account. With the Like/+1 buttons, if a lot of people click them or visit the pages that they are on, where and how does the resulting promotion occur? Is there any way to measure how much traffic they are driving?

It shows up in the feed of their friends when someone "likes" something. "DNA Pizza? Huh? If Joe likes it, maybe it's good!" Basically free advertising for the people using the Like buttons while FB chews through everyone's online activity and uses it to make their own ads more attractive to advertisers.

Can you be more specific? I'm looking at the like button on this very site, and I see that it's an iframe...

As far as iframes blocking the page load -- in general (AFAIK) most browsers will block the window.onload event for a page until their contents are loaded *only if* the iframe is part of the original DOM of the page. However, if the iframe is generated by a script (as is the case with fb like buttons -- take a look at the js source in this page) and inserted into the DOM by the script, most browsers that I know of will not block the onload event...

I see some js for google on that calendars page, but I don't see the same js to dynamically inject the fb like button...am I missing something? Are they 2 different implementations of the fb like button?
(I didn't dig in too deep, I have to head out but might play later)

Assuming I am just missing the js to inject the iframe, I wonder why iframes slow things down so much? I ran (only 1, to be fair) profile (in chrome) on that calendars page and the bulk of the time was spent on garbage collection...

The network timeline is interesting as well -- according to that (after loading the page a few times to eyeball outliers), it looks like window.onload was blocked by all the /gallery/* pictures, not the iframes. The last of all the facebook and google resources appear to have loaded ~3 seconds before those /gallery/* pictures finished at around the 3-3.25 second mark.

There are actually 2 versions of the Facebook Like button, one that uses an iFrame directly in the HTML code of the page and one that dynamically inserts an iFrame into the page through JS.

In my experience, the JS version does tend to make the page "FEEL" slower, because the Like button pops up often after the page is displayed. If you are not careful while coding it this can also cause issues with your page layout.

The iFrame version tends to reserve the space immediately and seems to be more responsive about showing immediately.

I have heard that if you have too many iFrames on a page the entire page becomes less responsive, and I think this would be where the JS version becomes preferable. The ability to control WHEN the Facebook Like buttons are generated on the page is vital to how your page feels to the end user. I'd rather the Like buttons take an extra 3s to show up, rather than have it slow down the entire page. I move all my Facebook Like button generating code out of the BODY of the HTML and into a function that I call after the DOM is loaded and sometimes even after I've done some other functions first, depending on the site, and how critical on-load JS actions are to the site.

I've long used a homebrew solution where the social networking buttons (facebook, google+, etc) only load after being in view for a certain amount of time. I determine this with an event handler for the window's scroll event. To help performance it only does a visibility check a few times a second, not every time the scroll event is fired, and it memoizes a list of dom nodes to check and their coordinate positions on initialization. After that it's just a matter of finding the document coordinates of the viewport and doing some math to see which dom nodes are visible. If it's visible, I copy a data-src attribute value to the src attribute value and remove the dom node from the check list. This loads the iframe. If this is not pretty enough you can replace an image with a constructed iframe.

This approach has worked very well for us and users seem to not mind it. Obviously you need javascript (which you mostly need anyway for those buttons), but it works on mobile browsers and solves the big page-load slowdown from loading all those iframes at once. It doesn't help for privacy, though, since no explicit user action is necessary to load the button. That requires a 2-click solution of some kind.
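The two deferral strategies discussed on this page, the 2-click button from the post and the scroll-into-view loader from the comment above, side by side as an added example (not Heise's code and not the commenter's). The `social-stub` class, the `widget.example` origin and the `env` object are hypothetical names; the origin allowlist is an extra hardening step the comment does not mention, and the "in view for a certain amount of time" rule is reduced to a flag checked by a timer.

```javascript
// Added example. Assumed stub markup (hypothetical class name and URL):
//   <button class="social-stub" data-src="https://widget.example/like?href=...">Enable Like</button>
const ALLOWED_ORIGINS = new Set(['https://widget.example']); // placeholder origin

// Replace the local stub with the real iframe. Until this runs, the third
// party receives no request, so no cookie or Referer reaches it.
function activate(stub, doc) {
  let url;
  try { url = new URL(stub.dataset.src); } catch { return null; }
  if (!ALLOWED_ORIGINS.has(url.origin)) return null; // refuse unexpected embed targets
  const frame = doc.createElement('iframe');
  frame.src = url.href;
  stub.replaceWith(frame);
  return frame;
}

// 2-click: activation only on an explicit user action (privacy and speed).
function twoClick(stubs, doc) {
  stubs.forEach(s => s.addEventListener('click', () => activate(s, doc), { once: true }));
}

// Is the box [top, top+height) inside the viewport [scrollY, scrollY+viewH)?
function isVisible(box, scrollY, viewH) {
  return box.top < scrollY + viewH && box.top + box.height > scrollY;
}

// Scroll-into-view loading (speed only: the third party is still contacted without
// consent). Positions are measured once; scroll events only set a flag for poll().
function visibilityLoader(stubs, env) {
  let pending = stubs.map(s => ({ stub: s, box: env.measure(s) }));
  let dirty = true; // force one check at start-up
  return {
    onScroll() { dirty = true; },
    poll() {
      if (!dirty) return 0;
      dirty = false;
      const before = pending.length;
      pending = pending.filter(p => {
        if (!isVisible(p.box, env.scrollY(), env.viewH())) return true;
        activate(p.stub, env.doc);
        return false;
      });
      return before - pending.length; // number of stubs activated this tick
    },
  };
}

// Browser wiring; skipped where no DOM exists (e.g. under Node).
if (typeof document !== 'undefined') twoClick([...document.querySelectorAll('.social-stub')], document);
```

To use the visibility variant in a browser, register `loader.onScroll` as a passive `scroll` listener and call `loader.poll` from `setInterval` a few times a second, with `env.measure` returning each stub's document-relative `top` and `height`.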

Google+ doesn't seem to do this by default (+1s people click are accessible but do not show up by default.) So I would recommend, if page load time is improved more than a few dozen milliseconds, just using the Facebook "like" and save the Google "+1" for until they ever do anything with it. On the other hand maybe it influences search results. I'm at my caring threshold.

The text Facebook sent is about using their corporate brand and images in your page under false pretences. The site clearly doesn't have the right to appropriate the Like button and change its behaviour (2 clicks) as they are damaging Facebook's brand by having an inconsistent user interface. Facebook have to enforce this rule as this could be the thin end of the wedge.

If they used their own image that you have to click to enable the facebook Like button, that would be fine.

[...] JWZ points out that Facebook blocks features that delay like-button loading. Part of Facebook’s long-term plan is to have enough identity data plus browsing data to operate an effective display network (though that business is competitive enough that they might just sell the data). [...]